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Prior to entry of this Amendment, claims 1-52 and 56-67 were pending in the 
application. Claims 1, 5-7, 27, 36, 39, 43, 46, 50, 56, 59, 61, and 62 have been amended and 
claims 2-4, 28-30, 37, 38, 44, 45, 51, 52, 57, and 58 have been canceled herein. No claims have 
been added. Hence, after entry of this Amendment, claims 1, 5-27, 31-36, 39-43, 46-50, 56, and 
59-67 remain pending. Applicants respectfully request reconsideration of the pending claims. 

35 U.S.C. $ 102(e) , Gupta 

The Office Action rejected claims 56, 59 and 60 under 35 U.S.C. §102(e) as being 
anticipated by U. S. Patent No. 6,226,752 Bl to Gupta et al., (hereinafter "Gupta"). The 
applicants traverse the rejection for at least the following reasons and respectfully request 
reconsideration of the rejected claims, as amended. 

"A claim is anticipated only if each and every element as set forth in the claim is 
found, either expressly or inherently described, in a single prior art reference." MPEP 2131 
citing Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 
(Fed. Cir. 1987). Applicants respectfully argue that Gupta fails to disclose each and every 
claimed element. For example, claim 56, upon which claims 59 and 60 depend has been 
amended to recite in part "causing user session state information to be stored at a client for said 
first user wherein said user session state information is from a cookie stored on a client for said 
first user and said user session state information is encrypted." Additionally, claim 56 has been 
amended to recite in part "receiving a request from said application for unencrypted data from 
said user session state information; and providing said unencrypted data from said user session 
state information to said application, said application does not have access to a key to decrypt 
said unencrypted data from said user session state information." 
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As indicated in the Office Action, Gupta fails to disclose encrypting and 
decrypting user session information. Furthermore, since Gupta fails to disclose encrypting and 
decrypting user session information, Gupta cannot teach or suggest receiving a request from said 
application for unencrypted data from said user session state information; and providing said 
unencrypted data from said user session state information to said application, said application 
does not have access to a key to decrypt said unencrypted data from said user session state 
information. 

It is noted that the Wood was used to show the limitations of claims 57 and 58 
that are now included in amended claim 56. However, Wood fails to teach or suggest said 
application does not have access to a key to decrypt said unencrypted data from said user session 
state information. More specifically, Wood teaches in the portion cited (col. 7, lines 31-63) a 
public key encryption system where the authentication service uses its private key to encrypt 
contents of the session credentials. Each component of the system uses a public key 
corresponding to the authentication serviced private key to decrypt the contents of the session 
credentials. That is, under Wood, each component, i.e., application, MUST have access to a key, 
i.e., the public key corresponding to the authentication service's private key, in order to decrypt 
the contents of the session credentials. Therefore, Wood cannot teach or suggest request from 
said application for unencrypted data from said user session state information; and providing said 
unencrypted data from said user session state information to said application, said application 
does not have access to a key to decrypt said unencrypted data from said user session state 
information. For at least these reasons, claims 56, 59 and 60 should be allowed. 

35 U.S.C. $ 103(a), Gupta in view of Olden 

The Office Action rejected claims 1, 2, 6, 7, 9-22, 26, 27, 31-36, 39-43, 46-50, 61 
and 64-67 under 35 U.S.C. § 103(a) as being unpatentable over Gupta in view of U. S. Patent No. 
6,460,141 Bl to Olden, (hereinafter "Olden") 1, 2, 6, 7, 9-22, 26, 27, 31-36, 39-43, 46-50, 61 and 
64-67 under 35 U.S.C. § 103(a) as being unpatentable over Gupta in view of Olden. The 
Applicant respectfully submits that the Office Action does not establish a prima facie case of 
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obviousness in rejecting these claims. Therefore, the Applicant requests reconsideration and 
withdrawal of the rejection. 

In order to establish a prima facie case of obviousness, the Office Action must 
establish: 1) some suggestion or motivation, either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art, to modify the references or 
combine their teachings; 2) a reasonable expectation of success of such a modification or 
combination; and 3) a teaching or suggestion in the cited prior art of each claimed limitation. 
See MPEP §706.02(j). As will be discussed below, the references cited by the Office Action do 
not teach or suggest each claimed limitation. For example, the cited references, alone or in 
combination, do not teach or suggest unencrypted data from encrypted session state information 
provided to an application where the application does not have access to a key to decrypt the 
session state information. 

More specifically, claim 1, upon which claims 6, 7, 9-22, 26, and 64-67 depend, 
claim 36, upon which claims 39-42 depend, and claim 43, upon which claims 46-49 depend, 
each recite in part "receiving user session state information for a first user at an application 
program interface for an access system, said user session state information is from an application 
without a web agent front end, said user session state information is from a cookie stored on a 
client for said first user, said user session state information is encrypted, and said step of 
receiving user session state information includes decrypting said user session state information" 
and "receiving a request from said application for unencrypted data from said user session state 
information; and providing said unencrypted data from said user session state information to said 
application, said application does not have access to a key to decrypt said user session state 
information." Similarly, claim 27 upon which claims 31-35 depend, and claim 50 each recite in 
part "wherein said information from said cookie is encrypted" and "wherein said application does 
not have access to a key for decrypting said information from said cookie." Also, claim 61 
recites in part "wherein said information from said cookie in encrypted and said application does 
not have access to a key for decrypting said information from said cookie." 
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However, none of the references, alone or in combination, teach or suggest 
unencrypted data from encrypted session state information provided to an application where the 
application does not have access to a key to decrypt the session state information. It is noted that 
the Wood was used to show teaching of encrypted session information. However, Wood fails to 
teach or suggest said application does not have access to a key to decrypt said unencrypted data 
from said user session state information. Under Wood, each component, i.e., application, MUST 
have access to a key, i.e., the public key corresponding to the authentication serviced private key, 
in order to decrypt the contents of the session credentials. Therefore, the combination of 
references cannot teach or suggest the limitations of the independent claims. For at least these 
reasons, claims 1, 6, 7, 9-22, 26, 27, 31-36, 39-43, 46-50, 61 and 64-67 should be allowed. 

35 U.S.C. 8 103(a), Gupta in view of Olden and Wood 

The Office Action rejected claims 3-5, 8, 28-30, 37, 38, 44, 45, 51, 52, 62 and 63 
under 35 U.S.C. § 103(a) as being unpatentable over Gupta in view of Olden as applied above 
and further in view of U. S. Patent No. 6,668,322 Bl to Wood et al., (hereinafter "Wood"). The 
Applicant respectfully submits that the Office Action does not establish a prima facie case of 
obviousness in rejecting these claims. Therefore, the Applicant requests reconsideration and 
withdrawal of the rejection. 

As noted above, none of the references, alone or in combination, teach or suggest 
unencrypted data from encrypted session state information provided to an application where the 
application does not have access to a key to decrypt the session state information. It is noted that 
the Wood was used to show teaching of encrypted session information. However, Wood fails to 
teach or suggest said application does not have access to a key to decrypt said unencrypted data 
from said user session state information. Under Wood, each component, i.e., application, MUST 
have access to a key, i.e., the public key corresponding to the authentication serviced private key, 
in order to decrypt the contents of the session credentials. Therefore, the combination of 
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references cannot teach or suggest the limitations of the independent claims. For at least these 
reasons, claims 5, 8, 62 arid 63 should be allowed. 

35 U.S.C. S 103(a). Gupta in view of Olden and Wenis 

The Office Action rejected claims 23-25 under 35 U.S.C. § 103(a) as being 
unpatentable over Gupta in view of Olden as applied above and further in view of U. S. Patent 
No. 6,286,098 Bl to Wenig et al., (hereinafter "Wenig"). The Applicant respectfully submits 
that the Office Action does not establish a prima facie case of obviousness in rejecting these 
claims. Therefore, the Applicant requests reconsideration and withdrawal of the rejection. 

Claim 1, upon which claims 23-25 depend, recites in part "receiving user session 
state information for a first user at an application program interface for an access system, said 
user session state information is from an application without a web agent front end, said user 
session state information is from a cookie stored on a client for said first user, said user session 
state information is encrypted, and said step of receiving user session state information includes 
decrypting said user session state information" and "receiving a request from said application for 
unencrypted data from said user session state information; and providing said unencrypted data 
from said user session state information to said application, said application does not have access 
to a key to decrypt said user session state information." None of the references, alone or in 
combination, teach or suggest unencrypted data from encrypted session state information 
provided to an application where the application does not have access to a key to decrypt the 
session state information. It is noted that the Wood was used to show teaching of encrypted 
session information. However, Wood fails to teach or suggest said application does not have 
access to a key to decrypt said unencrypted data from said user session state information. Under 
Wood, each component, i.e., application, MUST have access to a key, i.e., the public key 
corresponding to the authentication service's private key, in order to decrypt the contents of the 
session credentials. Therefore, the combination of references cannot teach or suggest the 
limitations of the independent claims. For at least these reasons, claims 23-25 should be 
allowed. 
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35 U.S.C $ 103 (a), Gupta in view of Wood 

The Office Action rejected claims 57 and 58 under 35 U.S.C. § 103(a) as being 
unpatentable over Gupta in view of Wood. The Applicant respectfully points out that these 
claims have been canceled, thereby rendering the rejection moot. 



In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 303-571-4000. 

Respectfully submitted, 



TOWNSEND and TOWNSEND and CREW LLP 
Two Embarcadero Center, Eighth Floor 
San Francisco, California 941 1 1-3834 
Tel: 303-571-4000 
Fax: 303-571-4321 
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William J. Daley 
Reg. No. 52,471 ' 



